Implementing RBAC for Azure Data Lake Storage - Exam DP-200 - Microsoft

Implementing RBAC for Azure Data Lake Storage

Question

You develop data engineering solutions for a company.

A project requires the deployment of data to Azure Data Lake Storage.

You need to implement role-based access control (RBAC) so that project members can manage the Azure Data Lake Storage resources.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

ADE

AD: Create security groups in Azure Active Directory. Assign users or security groups to Data Lake Storage Gen1 accounts.

E: Assign users or security groups as ACLs to the Data Lake Storage Gen1 file system

https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data

To implement role-based access control (RBAC) for managing Azure Data Lake Storage resources, you should perform the following actions:

A. Assign Azure AD security groups to Azure Data Lake Storage: You should create Azure Active Directory (AD) security groups and add the project members to the groups. These groups should then be assigned appropriate permissions to the Azure Data Lake Storage account. This will allow you to control access to your Azure Data Lake Storage account and its resources based on the membership of the Azure AD security groups.

D. Create security groups in Azure Active Directory (Azure AD) and add project members: As mentioned above, you need to create Azure AD security groups and add project members to the groups. You should then assign the security groups to the Azure Data Lake Storage account. This allows you to control access to your Azure Data Lake Storage account and its resources based on the membership of the security groups.

E. Configure access control lists (ACL) for the Azure Data Lake Storage account: You should configure access control lists (ACLs) for the Azure Data Lake Storage account. An ACL is a list of permissions that specifies which users or groups have access to which resources. With ACLs, you can set permissions on individual files or folders within your Azure Data Lake Storage account. This allows you to grant or deny specific permissions to specific users or groups.

Therefore, the correct options are A, D, and E. Option B is incorrect because configuring end-user authentication is not related to RBAC for managing Azure Data Lake Storage resources. Option C is also incorrect because configuring service-to-service authentication is not related to RBAC for managing Azure Data Lake Storage resources.